Fast fix

Epic responded two days later saying that it was distributing a fix after “working around the clock” to create it.

“We would like to request the full 90 days before disclosing this issue so our users have time to patch their devices,” the games company added.

Google’s disclosure rules state that it reveals details of bugs to the public 90 days after reporting them to the developers responsible if they have not been tackled, but only waits one week after a patch is made “broadly available”.

As such, it rejected the request.

Mr Sweeney has said he is grateful that Google audited his firm’s software and notified it of the flaw.

But he denied suggestions that the tech giant had acted in users’ interests by refusing to keep the matter private until mid-November.

There’s a technical detail here that’s important. The Fortnite installer only updates when you run it or run the game. So if a user only runs it every N days, then the update won’t be installed for N days. We felt N=90 would be much safer than N=7.

“Epic Games’ decision to bypass the Google app store shows that when security conflicts with commercial interests, often the commercial interests win but at the cost of the public’s safety online,” commented Professor Steven Murdoch, a security researcher at University College London.

“Security is no longer just the result of people making good technical decisions, but also that the complex commercial structures in place work for, and not against, better online security.”

In a separate development, Epic has announced an incentive for all Fortnite players to activate two-factor authentication to reduce the risk of their accounts being stolen.

This requires gamers to enter a code sent to their phone or email address in addition to their password when signing in.

Those that adopt the practice can use the game’s Boogiedown dance moves.